bug#36335: Is /dev/kvm missing ACLs?

2019-07-11 Thread Danny Milosavljevic
auditd can find those acl setters :)

    # auditctl -w /dev/kvm -p a -k kvm-acl-setter-foo

Later on:

    # ausearch -k kvm-acl-setter-foo

bug#36335: Is /dev/kvm missing ACLs?

2019-07-10 Thread Ludovic Courtès
Hi,

Chris Marusich writes:

> I am content knowing that on Guix System, the intended way to control
> access to /dev/kvm is by using the "kvm" group. However, it still
> smells like we may have an ACL-related bug: It seems to be unexpected
> that ACLs are getting set for some devices (e.g., /de

bug#36335: Is /dev/kvm missing ACLs?

2019-07-09 Thread Chris Marusich
Ludovic Courtès writes:

> Hi Chris,
>
> Chris Marusich writes:
>
>> Ludovic Courtès writes:
>>
>>> Guix System doesn’t use ACLs at all.
>>>
>>> However, the udev rule for kvm sets it up like this:
>>>
>>> crw-rw 1 root kvm 10, 232 Jun 24 08:38 /dev/kvm
>>>
>>> and the build users are par

bug#36335: Is /dev/kvm missing ACLs?

2019-07-01 Thread Danny Milosavljevic
On Thu, 27 Jun 2019 15:45:33 +0200 Ludovic Courtès wrote:

> I suspected a udev rule but ‘grep’ didn’t find any that explicitly does
> that, and there’s no code in eudev that fiddles with ACLs either, and
> nothing obvious in devtmpfs.c in Linux. So… it’s a mystery.

Might be elogind. It sets so

bug#36335: Is /dev/kvm missing ACLs?

2019-06-27 Thread Ludovic Courtès
Hi Chris,

Chris Marusich writes:

> Ludovic Courtès writes:
>
>> Guix System doesn’t use ACLs at all.
>>
>> However, the udev rule for kvm sets it up like this:
>>
>> crw-rw 1 root kvm 10, 232 Jun 24 08:38 /dev/kvm
>>
>> and the build users are part of the ‘kvm’ group. I personally arran

bug#36335: Is /dev/kvm missing ACLs?

2019-06-26 Thread Chris Marusich
Hi Ludo,

Ludovic Courtès writes:

> Guix System doesn’t use ACLs at all.
>
> However, the udev rule for kvm sets it up like this:
>
> crw-rw 1 root kvm 10, 232 Jun 24 08:38 /dev/kvm
>
> and the build users are part of the ‘kvm’ group. I personally arrange
> to have my user account in that

bug#36335: Is /dev/kvm missing ACLs?

2019-06-24 Thread Ludovic Courtès
Hi Chris,

Chris Marusich writes:

> I was trying to run some VMs via "guix system vm", and I noticed that
> I didn't have permission to use KVM. This issue can be worked around by
> running qemu as root, or by adding yourself to the "kvm" group.
> However, I found it curious that the /dev/kvm d

bug#36335: Is /dev/kvm missing ACLs?

2019-06-22 Thread Chris Marusich
Hi, I was trying to run some VMs via "guix system vm", and I noticed that I didn't have permission to use KVM. This issue can be worked around by running qemu as root, or by adding yourself to the "kvm" group. However, I found it curious that the /dev/kvm device didn't have ACLs granting me acces